I guess this is somewhat of a series now. Hummm.....

Previous (now) parts:

In (now) part 1, I showed how to install IBM HTTP Server (IHS) with Domino 9 on Windows
In (now) part 2, I showed how to use an existing Domino keyfile SSL certificate on IHS

In this (now) part 3 I will show how to redirect all IHS traffic to SSL when using the Domino 9 built-in IHS server. This is most likely how you want iNotes or Traveler servers set up.....so here goes:

0.5) Make sure you already have SSL working before you do this (aka part 2)

1) Backup the original domino.conf file (under domino/ihs/conf)

2) Edit the domino.conf file on the Domino server

3) Uncomment the line

LoadModule rewrite_module modules/mod_rewrite.so


4) Add the following immediately after the LoadModules section:


#-------------
RewriteEngine On
# handy for seeing what's going on when the web server tries to redirect
#RewriteLog "C:/rwlog.txt"
#RewriteLogLevel 1
# if the port's not 443 (ssl)...
RewriteCond %{SERVER_PORT} !^443$
#...redirect it to the same page but make it SSL
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
#-----------------


5) Restart HTTP on Domino, if no errors you should be in business. If you have any issues uncomment the two "RewriteLog" entries (lines 4 and 5), restart HTTP and see what the log has in it.

6) Open a browser and browse to a URL on the server, it should now be automatically redirected from http to https

Here is a screen grab of my domino.conf after the additions so you get an idea of where to put it:

Image:Setting up IBM HTTP Server to redirect all traffic to HTTPS when fronting Domino (I guess this is part 3???)

For the record some of this information was gleaned from IBM Technote 1107738.
Darren Duke   |   May 30 2013 07:03:05 AM   |    ihs  domino  9    |  
  |   Next Document   |   Previous Document

Discussion for this entry is now closed.

Comments (6)

Gravatar Image
1 - Richard Moy    http://www.dominointerface.com    05/30/2013 11:15:59 AM

So when are they going to have it available for Linux? We no longer have Windows server.

Gravatar Image
2 - Darren Duke       05/30/2013 11:31:56 AM

My guess is IBM have to port mod_domino to the other platforms and "tweak" the Domino HTTP task but that's just a guess on my part. A PMR is probably your best bet right now.

Gravatar Image
3 - Stephan H. Wissel    http://www.wissel.net/    05/30/2013 7:56:56 PM

It is on the list for the developers, but it hasn't been tagged with a version yet. My guess 9.0x, with x > 0

Gravatar Image
4 - Donald       07/02/2013 2:44:39 AM

Nice posts so far on the IHS - I guess if you want only the login portion of your session to get SSL and the remainder http you would need to modify the ReWriteRule - a bit trickier but entirely possible - would just need to figure out the syntax of the rule??

Gravatar Image
5 - Youssef EL HADj       09/23/2013 10:33:25 AM

Hi,

1st thx for this helpful post. followed it and it works for me.

Have you tried to continue in this and make client authentication via internet certificate ?

I upgraded to V9 for the support of newer certificate version with version 8.5.3 and older it was working good.

thx again

Gravatar Image
6 - Paul Thomas       04/10/2014 5:22:49 PM

I was just about to try this, but Domino Website security is performing the redirect to SSL anyway.

Will I run into problems by not using the IBM HTTP Server to perform this function?